After conducting a study and analysis of the vulnerabilities of the current industry-standard Wi-Fi security architectures, we consider the possibility of a new security architecture for Wi-Fi, which we call Wi-Fi P+. Wi-Fi P+ is not a complex security architecture. It acts as an additional security layer implemented over WPA/WPA2. It also implements some already available features that are not built into WPA/WPA2.
Abstract
Current industry standards of Wi-Fi security are found to have security loopholes, making it possible for hackers to break them. So we consider the possibility of a new technology for Wi-Fi security. We call it Wi-Fi P+, or Wireless Fidelity Protection Plus.
Introduction
Wi-Fi is common nowadays. Every educational institution and business organization has its perimeter covered by Wi-Fi. The confidential data transmitted over Wi-Fi makes it a target for hackers. To secure it, Wi-Fi security standards such as WEP, WPA, and WPA2 were introduced, each when the previous security architecture was found to be a failure. At present, however, all of these industry-standard Wi-Fi security architectures are found to have vulnerabilities that let a hacker break into the Wi-Fi network.
Vulnerabilities in WEP
WEP (Wired Equivalent Privacy) is based on the RC4 encryption algorithm, with a secret key of 40 bits or 104 bits being combined with a 24-bit Initialization Vector (IV) to encrypt the plaintext message M and its checksum, the ICV (Integrity Check Value). The encrypted message C was therefore determined using the following formula:
C = [ M || ICV(M) ] + [ RC4(K || IV) ]
where || is the concatenation operator and + is the XOR operator. Clearly, the initialization vector is the key to WEP security, so to maintain a decent level of security and minimize disclosure the IV should be incremented for each packet so that subsequent packets are encrypted with different keys. Unfortunately for WEP security, the IV is transmitted in plain text and the 802.11 standard does not mandate IV incrementation, leaving this security measure at the option of particular wireless access point implementations.
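The encapsulation formula above, written out as an added example (not code from the paper), shows why a repeated IV matters: two frames sent under the same key and IV share a keystream, so XORing the ciphertexts cancels it. The key, IV and messages are constructed sample values, the function names are hypothetical, and the seed order K || IV follows the formula on this page.

```python
import struct
import zlib

def rc4(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream for the given seed."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # keystream output
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_encrypt(key: bytes, iv: bytes, msg: bytes) -> bytes:
    """C = [M || ICV(M)] XOR RC4(K || IV), with ICV = CRC-32 of M."""
    if len(iv) != 3:
        raise ValueError("WEP uses a 24-bit IV")
    plain = msg + struct.pack("<I", zlib.crc32(msg))
    return xor(plain, rc4(key + iv, len(plain)))

def wep_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    """Undo the XOR and verify the ICV before returning M."""
    plain = xor(ct, rc4(key + iv, len(ct)))
    msg, icv = plain[:-4], plain[-4:]
    if struct.pack("<I", zlib.crc32(msg)) != icv:
        raise ValueError("ICV mismatch")
    return msg

def iv_reuse_leak(key: bytes, iv: bytes, m1: bytes, m2: bytes) -> bytes:
    """XOR of two ciphertexts under one IV: the keystream cancels out."""
    return xor(wep_encrypt(key, iv, m1), wep_encrypt(key, iv, m2))

# Constructed sample values (not from the page).
KEY = bytes.fromhex("0102030405")              # 40-bit secret key
M1 = b"GET /index.html "
M2 = b"user=alice&pin=1"

if __name__ == "__main__":
    leak = iv_reuse_leak(KEY, b"\x00\x00\x01", M1, M2)
    print(leak[:len(M1)] == xor(M1, M2))
```

With only 24 bits of IV and no requirement to increment it, repeats are unavoidable on a busy network, which is why the fix was a new key-mixing design rather than a longer secret key.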
The WEP protocol was not created by experts in security or cryptography, so it quickly proved vulnerable to RC4 issues described by David Wagner four years earlier. Many more vulnerabilities were discovered in the following years. Some of them are:
Date | Description
September 1995 | Potential RC4 vulnerability (Wagner)
October 2000 | First publication on WEP weaknesses: Unsafe at any key size; An analysis of the WEP encapsulation (Walker)
May 2001 | An inductive chosen plaintext attack against WEP/WEP2 (Arbaugh)
July 2001 | CRC bit flipping attack, Intercepting Mobile Communications: The Insecurity of 802.11 (Borisov, Goldberg, Wagner)
August 2001 | FMS attacks, Weaknesses in the Key Scheduling Algorithm of RC4 (Fluhrer, Mantin, Shamir)
August 2001 | Release of AirSnort
February 2002 | Optimized FMS attacks by h1kari
August 2004 | KoreK attacks (unique IVs), release of chopchop and chopper
July/August 2004 | Release of Aircrack (Devine) and WepLab (Sanchez) implementing KoreK attacks
The WEP cracking tool Aircrack, released in 2004, was able to crack a 128-bit WEP key.
Threats on Wi-Fi
Ad-hoc networks
Ad-hoc networks can pose a high security threat. Ad-hoc networks are defined as peer-to-peer networks between wireless computers that do not have an access point in between them. While these types of networks usually have little protection, encryption methods can be used to provide security.
MAC Spoofing
MAC spoofing occurs when a cracker is able to listen in on network traffic and identify the MAC address of a computer with network privileges. Most wireless systems allow some kind of MAC filtering so that only authorized computers with specific MAC addresses can gain access to and use the network. However, a number of programs exist that have network sniffing capabilities. Combine these programs with other software that allows a computer to pretend it has any MAC address the cracker desires, and the cracker can easily get around that hurdle.
Man-in-the-middle attacks
A man-in-the-middle attacker entices computers to log into a computer which is set up as a soft AP (Access Point). Once this is done, the hacker connects to a real access point through another wireless card, offering a steady flow of traffic through the transparent hacking computer to the real network. The hacker can then sniff the traffic. One type of man-in-the-middle attack relies on security faults in challenge and handshake protocols to execute a deauthentication attack. This attack forces AP-connected computers to drop their connections and reconnect with the cracker's soft AP.
War driving
War driving is the act of searching for open Wi-Fi networks by a person in a moving vehicle using a portable computer, smartphone or PDA.
Denial of service
A Denial-of-Service attack (DoS) occurs when an attacker continually bombards a targeted AP (Access Point) or network with bogus requests, premature successful connection messages, failure messages, and/or other commands. These cause legitimate users to not be able to get on the
implemented that can safeguard from this attack and data theft.
Solution is Wi-Fi P+
WPA/WPA2 is vulnerable because all the information required for the generation of the Pairwise Transient Key (PTK), formed from the Pre-Shared Key (PSK), is transmitted in plain text. Hackers can run a dictionary attack or brute-force attack on the plain-text data to get the password key. So here comes the need for Wi-Fi P+. Wireless Fidelity Protection Plus adds an additional security layer to WPA/WPA2 by encrypting the plain-text information transferred from the PMK. It uses a simple but powerful encryption method given by the equation:
P-PMK = PMK + (256-bit random protection key)
where P-PMK is the protected PMK and + is the XOR operator. Here we XOR the plain-text information derived from the PMK with a randomly generated number, simply generated using a random() function, which makes this encryption method simple, fast and almost solidly secure, since it is almost impossible to decrypt 256-bit random numbers even by performing a dictionary attack or brute forcing with a supercomputer.
Wi-Fi P+ also provides additional built-in security features such as:
- MAC address filtering, which allows the administrator to restrict access to a Wi-Fi network based on MAC address. With MAC address filtering in place, only the computers whose MAC addresses are allowed by the administrator can connect to the Wi-Fi network.
- MAC spoofing detection by a wireless Intrusion Detection System.
- Logging of Wi-Fi users. The IP address and MAC address, as well as the computer name and operating system name, are logged.
- Network encryption using a simple random key. This encryption method doesn't make your data transfer slow, as it uses simple and fast random key encryption.
- Wi-Fi range limiting can be implemented with Wi-Fi P+.
- Control of Wi-Fi sharing by the users who are under a Wi-Fi network. The administrator can restrict peer-to-peer Wi-Fi sharing by genuine users under the Wi-Fi network.
- DoS attack discovery and blacklisting of the attacker.
- Using static IP instead of dynamic IP. Disabling at least the IP address assignment function of the network's DHCP server, with the IP addresses of the various network devices then set by hand, will also make it more difficult for a casual or unsophisticated intruder to log onto the network.
- Built-in honeypot for intrusion and attack detection. Honeypots are traps waiting for hackers; they seem to be vulnerable, but actually trap the attacker and reveal his identity.
- VPN (Virtual Private Network) for data security and privacy. It is a credible and
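The P-PMK equation above as an added example, not code from the paper or from any Wi-Fi P+ implementation: it derives a PMK the standard WPA/WPA2-PSK way, masks and unmasks it, and shows the condition the XOR step depends on, namely a fresh protection key for every value it masks. The function names and sample inputs are hypothetical, the protection key is drawn from the OS CSPRNG as an assumption (the page only says random()), and how both ends come to share that key is not described on the page.

```python
import hashlib
import secrets

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def new_protection_key() -> bytes:
    """256-bit protection key from the OS CSPRNG (assumed source of randomness)."""
    return secrets.token_bytes(32)

def protect(pmk: bytes, protection_key: bytes) -> bytes:
    """P-PMK = PMK XOR protection key; applying it again restores the PMK."""
    if len(pmk) != 32 or len(protection_key) != 32:
        raise ValueError("both values must be 256 bits")
    return bytes(a ^ b for a, b in zip(pmk, protection_key))

def reuse_exposure(p_pmk_a: bytes, p_pmk_b: bytes) -> bytes:
    """If one protection key masked two PMKs, XORing the two P-PMKs
    removes the key and leaves PMK_a XOR PMK_b for any observer."""
    return bytes(a ^ b for a, b in zip(p_pmk_a, p_pmk_b))

# Constructed sample inputs (not from the page).
PMK_A = derive_pmk("password", "IEEE")
PMK_B = derive_pmk("ThisIsAPassword", "ThisIsASSID")

if __name__ == "__main__":
    key = new_protection_key()
    p_pmk = protect(PMK_A, key)
    print("round trip ok:", protect(p_pmk, key) == PMK_A)
    # Same key used twice: the mask cancels and the relation between PMKs leaks.
    leaked = reuse_exposure(protect(PMK_A, key), protect(PMK_B, key))
    print("reuse leaks PMK_a XOR PMK_b:", leaked == protect(PMK_A, PMK_B))
```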
Implementation of Wi-Fi P+
Implementing Wi-Fi P+ on an existing WPA/WPA2 setup is simple. It can act as an add-on for the router firmware and can be installed along with it.
Conclusion
Current dominant standards of wireless security are found to be vulnerable even with their complex security architecture. This is where Wi-Fi P+ becomes important: its flawless secure layer, together with its additional protective features and its ease of use and implementation, makes it a good option for organizations where secure data transmission is a concern.